Whitepaper supplier code of conduct benchmarking study


Published on

Published in: Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Whitepaper supplier code of conduct benchmarking study

  1. 1. Supplier codes of conduct: A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape Whitepaper 29 September 2013
  2. 2. Contents 1. Introduction 2. Industry supplier code scores 3. Averages by industry 3.1 Top three 3.2 Bottom three 3.3 Top ten codes 3.4 Commentary on the top five codes 4. Employee code versus supplier code 5. Naming the code 6. Evolution of supplier codes 7. Underlying guidelines 8. The hallmarks of supplier code of conduct best practices 8.1 Accessibility 8.2 Leadership visibility and values 8.3 Understanding the code 8.4 Risk topics 8.5 Reporting violations 8.6 Look and feel 8.7 Implementation and enforcement 8.8 Innovation and CSR 9. Importance of supplier codes Appendix Company codes used in this study 4 5 7 7 7 8 9 11 12 13 14 15 15 15 16 17 20 21 21 22 23 25 25
  3. 3. Page 4 1. Introduction Today’s supplier codes of conduct are better and more plentiful than those of a few years ago. Many companies are starting to recognise the importance of having a written code of conduct for their suppliers and other third parties, and the value that such a code can create for their company’s business. The code sets a consistent standard for vendor organisations, is a vital part of corporate social responsibility (CSR) and compliance and ethics programmes, and helps to advance integrity, responsible business practices and human rights. Most companies have a uniform set of standards for the products and services they purchase, and similar standards should be in place for the ethical business principles that suppliers are expected to maintain. The consequences for a fault in the ethics of the supply chain can be just as catastrophic as a fault in the products being supplied, if not more catastrophic. The supplier code is also becoming a document that is of importance to the public (including consumers and investors). Many companies are beginning to significantly improve their existing supplier codes, or draft a supplier code for the first time. The driving forces behind the increased focus on supplier codes can be attributed to more global and sophisticated supply chains, increased public scrutiny on corporate responsibility, human rights and environmental compliance, new legislation enforcement developments, as well as the pioneering work of some leading organisations that set the trends and raise the bar. These factors are driving supplier codes into a new era of quality and best practices. When looking at the 150 supplier codes that were a part of this study, one of the major conclusions is that the majority were in need of improvements in terms of both content and presentation. The average score for the population of supplier codes examined was 57.16 on a zero-to-100 scale – the equivalent of a C+ grade. While there are some companies that put a great deal of effort, time, money and resources into creating a best-practice code, many companies’ codes were too brief and difficult to understand. Hundreds of companies’ websites were examined in an effort to locate a population of codes for the purposes of the study, but most companies either did not have a supplier code or did not make it available to the public. So while the content of some of the codes that were located could be improved on various levels, commendation must be given to the companies that had publicly-available supplier codes in the first place. The companies that scored well in this study did a number of things consistently, and provided: • a clear explanation of rules and expectations for suppliers • adequate risk topic coverage • unambiguous reporting avenues • clear language about enforcement and monitoring which clearly stated the right of the company to audit and explicitly mentioned the consequences for non-compliance • well-thought-out design and presentation. The most robust codes also included a personalised letter of introduction from a senior executive, setting strong tone from the top. The Red Flag Group
  4. 4. Page 5 2. Industry supplier code scores In August 2013 The Red Flag Group examined over 500 randomly-selected corporate websites and from this information we compiled a list of 150 supplier codes of conduct. (For the full list of codes examined please refer to the Appendix.) With each industry examined there was a wide range of scores (from A to D) and codes that were above and below average. No industry was found to be fully comprised of either substandard or stellar codes – all industries had a mix of good codes and codes that needed significant improvement. Nevertheless, there were three clear standout industries: energy and extractive, engineering and construction, and healthcare products and services. These three industries had an average score at least seven points above other industries. Their codes tended to address all key risk topics, were easier to understand, provided a clear process for making reports, and were not shy to stress enforcement and monitoring. They also tended to set expectations or provide guidance on how their codes should be implemented by their supplier organisations. While the industry average scores could be in part explained by the choice of codes that made up a particular industry and the presence of several particularly strong or weak codes in the industry mix, there could also be some industry-specific factors and trends that may help explain the score. Industry Average score Distance from average Grade (A–F) Aerospace and defence 55.24 -1.92 C+ Automotive 61.92 4.76 B- Chemicals 61.04 3.88 B- Consumer 54.49 -2.67 C+ Electronics, technology and telecommunications 61.99 4.83 B- Energy and extractive 69.08 11.92 B Engineering and construction 67.48 10.32 B Forestry, paper and packaging 48.88 -8.28 C Healthcare products and services 65.49 8.33 B- Industrial manufacturing 60.00 2.84 B- Leisure and hospitality 48.78 -8.38 C Retail 52.21 -4.95 C+ Transportation 50.35 -6.81 C+ Overall average 57.16 C+ A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  5. 5. Page 6 In our opinion, the main factors that contributed to these industries being the top performers are the regulatory environment (pharmaceutical and healthcare laws, conflict minerals laws), greater resource availability, prominence of the supply chain in the business model and increasing public scrutiny. Often the type of work done in the industry dictates the amount of scrutiny placed on the supply chain and the supplier code of conduct. Conversely, there were laggard industries that for a variety of possible reasons had codes that were at least seven points lower on average. Some of the key factors that contributed to the low scores for these industries were: • the failure to address important risk topics • lack of tone from the top • scant references to company values • weak or vague enforcement and monitoring language • bland presentation • “legalese” writing style. The Red Flag Group
  6. 6. Page 7 3. Averages by industry 3.1 Top three 3.2 Bottom three A number of factors could account for the above industries being the leaders. With more importance placed on environmental, anti-corruption and other legal and regulatory compliance there is much more scrutiny by the regulators and general public to create greater transparency and accountability in the supply chain. Conflict minerals laws put a significant pressure on the extractive industry, including smelters and refiners. Companies aim to reassure investors and consumers that potential conflict minerals concerns have been addressed. Other plausible explanations for the above-average codes in these industries are that they have better-quality compliance programmes in general and a higher allocation of budget for creating supplier codes of conduct. All three of the above industries are known for having a relatively-high degree of regulation and/or litigation, and are therefore inclined to have superior compliance programmes. Internal buy-in from executives regarding supply-chain compliance could equate to more focus on the creation of a supplier code of conduct, resulting in a better code. Lastly, it could be contended that the companies in these industries rely on the supply chain more than many other industries do. These companies often rely on suppliers for quality products in large volumes. More dealings with suppliers can result in more exposure to risk and therefore more possible violations. A robust supplier monitoring and auditing programme with a premium code could prove a worthwhile return on investment for companies in these industries. When looking at the three industries with the lowest averages, a number of factors could be contributing to the lower-than-average scores. One factor is the general lack of publicly-available supplier codes; locating codes for these three industries was more difficult than locating codes for other industries. Perhaps one of the most puzzling underperformances was from the forestry, paper and packaging industry, despite the presence of some solid codes such as those of Kimberly-Clark and SCA. The industry is subject to significant public scrutiny and risk due to the high environmental and human impact. We would therefore expect this sensitivity to be adequately translated into strong supplier codes. There are a number of other programmes in place for sustainability in ethical sourcing and responsible forestry, but the increased focus on CSR has not yet been apparent in supplier codes. Industry Average score Energy and extractive 69.08 Engineering and construction 67.48 Healthcare products and services 65.49 Industry Average score Transportation 50.35 Forestry, paper and packaging 48.88 Leisure and hospitality 48.78 A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  7. 7. Page 8 3.3 Top ten codes Transportation companies, by their nature, are some of the most global organisations. This could account for their placement in the bottom three, as the confusion surrounding the multitude of applicable global laws and standards can cause codes to be ill-defined. While these concerns may be legitimate for the transportation industry, many other global-oriented industries deal with these issues and have adequate supplier codes. One of the industries that heavily relies on directly appealing to consumers is the leisure and hospitality industry, primarily made up of restaurant and hotel companies. These companies should have a major focus on the supply chain to ensure quality of products. Another less-apparent key audience of supplier codes is consumers. These consumers want to know where their meal or bath soap is coming from, and many companies advertise their quality, “farm fresh” ingredients. Despite this, many of the companies in the leisure and hospitality industry appear to have weak or unavailable codes, with the exception of a few top performers, such as McDonald’s. Company Industry Average score Grade (A-F) Balfour Beatty Engineering and construction 98.04 A CH2M Hill Engineering and construction 97.10 A McDonald’s Leisure and hospitality 95.06 A ArcelorMittal Energy and extractive 90.20 A- Merck Healthcare products and services 87.93 A- Siemens Industrial manufacturing 87.85 A- Horizon Blue Cross Blue Shield of New Jersey Healthcare products and services 86.51 A- Pacific Gas and Electric Company (PG&E) Energy and extractive 83.61 A- Fluor Engineering and construction 82.99 B+ Daimler AG Automotive 80.49 B+ The Red Flag Group
  8. 8. Page 9 3.4 Commentary on the top five codes 5 – Merck Merck did what many companies forgot to do with their supplier codes: translate it. Merck’s code is available in 27 different languages. A comprehensive table of contents makes sections easy to find and the pages are not overcrowded with too many words. Most of the codes we reviewed look like contracts or bland Microsoft Word documents, but Merck’s supplier code uses colours and photographs. Another major highlight of Merck’s code is the multiple avenues available for readers to make reports or speak up. Included on the last page of the code is a web address, email address and phone and fax numbers for anonymous reporting. Merck was also one of the few companies that included industry-specific risk topics, such as ethical animal testing and pharmaceutical marketing. 4 – ArcelorMittal Even in the strong energy and extractive industry, ArcelorMittal’ this supplier code of conduct stands out as a top performer. One of the major highlights is the opening letter from the senior vice presidents who are involved in procurement. It is strongly recommended, but unfortunately not a universal practice, that a supplier code contains a statement from an executive. Adding this opening statement sets proper tone from the top and shows readers that the supplier code is a document of significance. Another standout characteristic of the code is the discussion of the systems behind it such as how suppliers should train their employees on the code, the right to audit suppliers and the need to maintain relevant documents evidencing compliance. The presentation of ArcelorMittal’s code is also far above average. 3 – McDonald’s The McDonald’s supplier code of conduct has probably the best branding of all of the codes that were reviewed. The golden arches appeared multiple times throughout, along with pictures of McDonald’s products, trucks, packaging and workers. The code contained quotes from senior executives throughout, stating the importance of the supply chain, standards of excellence and corporate values. This earned McDonald’s maximum scores in values and leadership visibility. A great innovation in the McDonald’s code is a new way for readers to make reports: text messaging via cell phone. Given the popularity of text messaging it is truly pioneering to include this as a method of raising concerns. McDonald’s code is very easy to understand and straightforward, which makes translating it to a global audience much easier. Too many long words and complex sentences increase the likelihood that the employees of suppliers won’t be able to understand the code. A compact, simple, direct code should be the goal for code writers. A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  9. 9. Page 10 2 – CH2M Hill Risk topics are arguably the most important part of a code of conduct. CH2M Hill’s code scored the highest in the category of risk topics. The clear and comprehensive guidance provided in the code on all key topics lets readers know what is expected of supplier employees. The code is skillfully written at a level that can be understood by a wide audience. Listing reporting avenues should be standard for all supplier codes but CH2M Hill takes this further, reassuring potential reporters by highlighting and purposefully discussing whistleblower protection. It is one thing for employees to know about a violation and know where a report could be made, but getting them to actually make the report is something different. Language about non-retaliation is essential and should be present in all codes. 1 – Balfour Beatty Balfour Beatty owns the top supplier code overall. It was recently updated (in March 2013), and is innovative, comprehensive, stylish and practical. The code is structured around four main values: integrity, teamwork, excellence and respect. There is a sincere introduction from the CEO that sets the stage for the truly great code that follows. Balfour Beatty’s code is also one of the very few that utilises realistic examples. The practical examples deal with topics of inappropriate gifts and entertainment, health and safety, and subcontracting. The code looks more like a webpage or a polished marketing brochure than an inert PDF document. It is certainly one of the most cutting-edge, innovative and complete codes out there today. The Red Flag Group
  10. 10. Page 11 4. Employee code versus supplier code It is standard practice and a legal requirement for publicly-traded companies in many jurisdictions to have a corporate code of conduct. When drafting a supplier code, a company may naturally turn to its employee code of conduct as a starting point. While the two documents are similar in nature, a number of things must be considered to create a quality supplier code of conduct that is distinct from the employee code of conduct but similar in calibre. The main differences between supplier and employee codes are audience, function and length. The most obvious difference is the intended audience. The readers of employee codes are company employees, where supplier codes are directed at employees of an entirely different company. Since supplier codes generally apply to an entire global supply chain, the many cultures and varying laws around the globe must be taken into account. With these varying audiences, the content of codes in terms of topics and breadth is a great divergence. The functions of the two codes are much different. The supplier code’s function is to mitigate unethical behaviours, alert the company of supplier malfeasance, and give the company a means by which to control supplier relations, promote human rights and decrease possible negative publicity in case of supplier impropriety. Lastly, supplier codes are much shorter than employee codes, in both pages and word count. The typical supplier code will be around half to one-third of the size of a typical employee code. A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  11. 11. Page 12 5. Naming the code Terminology of supplier codes The titles for supplier codes of conduct varied to some extent between each code that was examined. The codes typically included “supplier”, “vendor”, “third parties” or “business partners” in their titles. By far the most common nomenclature was simply “supplier”. This seems to be the most straightforward title for the code and the generic title when referring to or discussing a code intended for a companies’ suppliers, contractors, vendors etc. 66.10% “Supplier” 18.40% “Business partner” “Vendor” 6.90% Others 6.10% “Third party” 2.00% The Red Flag Group
  12. 12. Page 13 6. Evolution of supplier codes Today, employee codes are by and large far more advanced than supplier codes. As there are legal requirements to have a code of conduct directed at employees and officers, they are more commonplace and are a standard benchmark for a company’s ethics and compliance principles. Since the genesis of employee codes with the Sarbanes-Oxley Act in 2002, the popularity and standards of codes have been raised year after year. Employee codes are generally thought of as being more important than supplier codes; accordingly, more time, effort and resources are devoted to making a suitable employee code than for a supplier code. Also, as a company’s employee code is under more internal scrutiny, it typically receives approval from the chief executives and board of directors. Increased scrutiny from senior leaders could be a driving force for improving the quality of supplier codes in all industries. Just a few years ago, a vast majority of Fortune 1000 companies did not have a supplier code. Any language regarding ethical standards was relegated to supplier contracts or other purchasing agreements. For many organisations, if a supplier code was in place, it was typically a black-and-white document with no pictures which only touched on very basic risk topics, such as human rights and confidential information. It would be rare to find language about making reports or to see a letter of introduction from a senior executive. With the creation of standards such as the United Nations Global Compact or the California Transparency in Supply Chains Act of 2010, along with some leading industry initiatives, many companies began to give more credence to existing supplier codes or created a supplier code for the first time. In the current supplier code landscape only a handful of organisations’ codes are in line with best practices, but this is the highest standard that supplier codes of conduct have been. Many companies are starting to introduce the user-friendly aspects of their employee codes into their supplier codes, and overall supplier codes are trending upward. A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  13. 13. Page 14 7. Underlying guidelines In the United States, the prevailing guidelines for employee codes are The Sarbanes-Oxley Act of 2002 and the stock exchange listing requirements for publicly-traded companies. The guidelines set forth in these laws are broad. Notably, they list a handful of topics that ought to be covered and the general requirement that a code must be an “effective” document. From these very general standards laid out by the government and regulators, robust best practices for employee codes have been established. With supplier codes, the mostly widely referenced and internationally recognised standards are the ten principles set forth by the United Nations Global Compact. These are segmented into four main categories: Human Rights, Labour, Environment and Anti-Corruption. Similar to the standards for employee codes set forth under the Sarbanes-Oxley Act, these principles are very broad and universal in nature and intent. It is the job of code writers to expand upon these basic principles and form them into practical guidance for suppliers. Another key driving initiative behind supplier codes and their development has been the California Transparency in Supply Chains Act of 2010. This law, which came into effect on 1 January 2012, requires retail sellers and manufacturers doing business in California to “disclose their efforts to eradicate slavery and human trafficking from their direct supply chains for tangible goods offered for sale”. Many of the companies whose supplier codes were examined as a part of this study also had a public webpage devoted to compliance with the Act. Other companies did not have a supplier code but did, at least, have some public language about compliance with the Act. Industry-specific standards are another main influence for guidelines in supplier codes. Some industry trade groups have established high-level principles similar to the United Nations Global Compact for their specific industry risks and laws. These include the Extractive Industries Transparency Initiative principles and – probably the most popular of all the industry group standards – the Electronic Industry Citizenship Coalition Code. These types of self-regulating standards are of great importance and similar standards should be adopted by other industry groups and companies alike. The Red Flag Group
  14. 14. Page 15 8. The hallmarks of supplier code of conduct best practices 8.1 Accessibility Perhaps the most straightforward of all the hallmarks for supplier codes is that of accessibility. Best-practice supplier codes should be in a downloadable format (preferably PDF), linked on an easy-to-find page of a public website. Nearly 90 percent of the supplier codes found were in PDF format. The code should also be translated into a number of languages, when appropriate, for suppliers’ employees. The translated versions of the code should be made available alongside the English version to show that the company operates in a global environment and makes its code accessible to non-English readers. Slightly more than a quarter of companies made their codes available in multiple languages, even though most of the codes reviewed belonged to companies with international supply chains and/or international business presence. Supplier codes should be placed on public websites where they can be easily found by employees of suppliers and those unfamiliar with supplier codes, such as consumers and investors. Several companies made their codes very visible on their public websites, including Alcoa, the Dow Chemical Company and BNSF. These companies placed their codes in logical and noticeable areas of their websites, such as on “Sustainability”, “About Us” or “Values and Ethics” pages. Alcoa placed its code in a section about bringing sustainability to the supply chain. Dow and BNSF both had valuable sections on the expectations of suppliers where their supplier codes and other documents were made available. 8.2 Leadership visibility and values A supplier code of conduct should contain at least an introduction or similar communication from a senior executive, such as the CEO, president, head of procurement or chairman of the board. Ideally, supplier codes should have quotes from senior executives throughout which discuss why the code is important and what the expectations of suppliers are. The language should be sincere and tailored to the work that the company is doing, trying to avoid generic statements that say little about the company’s specific work and reliance on the supply chain. Unfortunately, most supplier codes appeared to miss an opportunity to communicate tone from the top, as less than 20 percent of codes reviewed had any language from a senior executive. Is there a statement from a senior-level executive in the code? None 81.63% Yes, throughout the code 4.76% Yes, in an introduction 10.88% Only an occasional quote 2.72% A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  15. 15. Page 16 CA Technologies’ supplier code had a fine introduction from its Executive Vice President of Risk and Chief Administration Officer and its Chief Ethics & Compliance Officer. Becton, Dickinson and Company (BD) also employed the best practice of having multiple quotes from executives throughout the code in callout boxes. Teledyne’s supplier code had a personalised opening letter from their Chairman, President and CEO to introduce the document and call attention to the relationship between the company and its suppliers. 8.3 Understanding the code The supplier code should be easy to understand and concise. A best-practice supplier code would typically be 2000 to 4000 words long, averaging towards the lower edge. Some companies operate in more-regulated industries, which can result in a lengthier code but still a document that lives up to the top code standards. The majority of codes examined were shorter or significantly shorter than the recommended best-practice range. Word count of supplier codes 25.17%2001–4000 5.44%4001–6000 >6000 4.08% 1000–2000 42.18% <1000 23.13% The Red Flag Group
  16. 16. Page 17 A supplier code doesn’t have to cover as much ground as an employee code. There are fewer topics in a supplier code and the depth of coverage is typically not as deep as with an employee code. Oftentimes with an employee code stand-alone policies are repurposed, shortened and inserted into the code, making it too complex and hard to understand. The same mistake can happen with supplier codes if supplier agreements or purchase contracts are changed only slightly and refashioned as supplier code. Given the varied nature of the supplier-code audience, where there are more unknowns (regions, language barriers, cultural differences, varying laws etc.), it makes sense to keep some sections of a code intentionally generalised. However, many of the codes that were assessed took being ambiguous to extremes, resulting in codes that provided almost no practical information or value. It requires a fine balance to create a code that is general in nature but still provides practical guidance. 8.4 Risk topics The most important goal of a supplier code of conduct is to set consistent standards and expectations for supplier behaviours and provide guidance to those suppliers. Companies sometimes work with hundreds of vendors and contractors. The nature of today’s global supply chain has a great impact on these standards, as widely-accepted labour practice in one country could be illegal in another. As there is a uniformity of standards for product quality, there should also be a uniform set of standards for ethical behaviours in supplier dealings. The topics addressed in a global supplier code must be consistent and relevant for all suppliers, wherever they are located. Most companies will not create region- or country-specific versions of their supplier code, content-wise, so the challenge is in how to write a code that encompasses such a diverse supplier audience. A supplier code should be written in a tone and grade level that is easily understood. The recommended reading level for a supplier code of conduct is around the tenth-grade to twelfth-grade level. Some code writers might aim to have a reading level lower than a tenth-grade level, but due to the vocabulary and concepts in supplier codes it can be very difficult to write the code in simpler language. The majority of codes reviewed were too complex and at a grade level way above the recommended range. Grade level of supplier codes 19.05% 10–12 31.97% 12–14 14–16 38.78% 16–18 10.20% 18+ 0% A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  17. 17. Page 18 Many of the codes studied attempted to appeal to this varied audience by covering risk topics generally rather than specifically. Some codes that were reviewed had only one sentence for crucial topics such as harassment, confidential information or conflicts of interest. Statements such as “Laws concerning harassment must be followed” will be far too general to be of much use for suppliers who need to understand the code and put it into practical terms. Best-practice supplier codes will address about a dozen of the core risk topics listed on page 19. As mentioned before, there should be a balance when covering risk topics so enough information is given to readers to know how to act in an ethical and compliant manner without going too far into specifics. This balance is one of the most difficult things to achieve when writing a supplier code, and it was obvious that many of the companies whose codes were examined struggled with this challenge. Supplier codes cover topics which are often only briefly covered in employee codes (if they are covered at all), such as human rights, forced labour, child labour, human trafficking, corporal punishment, corporate dormitory living conditions and various aspects of supply chain and CSR. If a company is found to have been dealing with a supplier that violates human rights there is often an outcry from the public and a considerable scrutiny and backlash. Ethical standards are best communicated in supplier codes of conduct by having clear and sufficiently detailed coverage of the following risk topics. Are risk topics addressed in appropriate depth? No 33.33% Yes 21.77% Somewhat 44.90% The Red Flag Group
  18. 18. Page 19 When it came to covering risk topics, two of the very best supplier codes of conduct were those of Microsoft and Baxter International. Both companies comprehensively covered risk topics while still maintaining a concise code. Microsoft, in particular, had a fantastic blend of covering risk topics in appropriate depth but not overburdening the readers with too many fine details. It is also best practice to have a number of real-world examples (question-and-answer examples are best) placed in the supplier code. These scenarios put the rules of the code into practical application and help to make the code relevant for situations that readers could find themselves in. Unfortunately, only 13 percent of codes had any sort of learning aids, and most were only very basic lists or bullet points. Risk topics addressed in supplier codes 89.80% Human rights/workplace conditions/ wages and hours 86.39% Environmental compliance 86.39% Workplace safety and health 78.23% Discrimination 72.79% Bribery and corruption (including use of agents) 56.46% Data privacy and confidential information of customer companies 43.54% Conflicts of interest 43.54% Gifts and entertainment 40.82% Harassment 33.33% Product/service quality/integrity 31.97% Accuracy of records 20.41% Export compliance 15.65% Other industry-specific and country-specific risk topics A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  19. 19. Page 20 8.5 Reporting violations Information about how to raise concerns is one of the most critical (and often one of the most overlooked) parts of a supplier code. Providing phone numbers, websites, addresses and other alternative avenues for people to voice any concerns makes a supplier code of conduct an actionable document by alerting the company to possible misconduct. Employees of supplying companies can be fearful of reporting concerns internally, so these external avenues can be invaluable for preventing larger problems. It is recommended that supplier codes list at least three different avenues for making reports. Generally these are a phone number, a website and a postal address, with at least one method being anonymous. These avenues should be easy to find and clearly mentioned more than once throughout a code. Supplier codes should also encourage speaking up by including language about non-retaliation to reassure would-be whistleblowers. Over 70 percent of the examined codes had no language about non-retaliation, decreasing the likelihood of employees speaking up about unethical or illegal practices or unsafe working conditions. As mentioned earlier, McDonald’s code included an avenue for employees to text in their concerns via mobile phone – the only code examined that had such an avenue. Eastman Chemical also demonstrated exceptional reporting options within its supplier code, displaying five clear avenues to make reports in its document along with language about anonymous reporting. Reporting avenues listed in supplier codes 31.29% Email 31.29% Phone hotline Company’s phone number 19.05% Web hotline 17.69% Postal address 15.65% Company’s website 13.61% The Red Flag Group
  20. 20. Page 21 8.6 Look and feel The saying goes “Don’t judge a book by its cover”, but people are often quick to render judgement on a first impression. It is for this reason that the aesthetics and look of the code need to be taken into account. To be in line with best practices a code should be professionally designed, complete with branding, colours and photographs that reflect the brand and the nature of the company. Only 12 percent of the codes examined had any sort of company branding, while over 70 percent had no images or photographs whatsoever. Oshkosh Corporation and McDonald’s offer great examples of branding in a supplier code of conduct – both include photographs of their products, facilities and workers and consistently use company colours and logos. Without reading any of the text it would be fairly easy to tell the exact company that authored the code by looking at the many photographs. A code that looks visually appealing is more likely to be read as it is less intimidating than a code that resembles a contract or legal memo. Codes should also be easy to navigate and readers should be able to quickly find specific topics. This can be achieved with a logical structuring of the code or by adding a table of contents. 8.7 Implementation and enforcement In many ways a supplier code needs to be a self-contained document. With an employee code there is a common understanding within the company that there will be related training, awareness campaigns and on-going communications, so these don’t need to be discussed in the code document itself. With supplier codes, however, it is not known how much effort each supplier will put into communicating the code within their organisation. Most of the codes examined in the study made no mention of what actions the suppliers were expected to take to implement the code within their organisations. Only 17 percent noted the need for suppliers to train their employees about the codes. A supplier code must contain information about how that code should be implemented, enforced and communicated. While 51 percent of codes mentioned that they should be followed by suppliers, only 30 percent had explicit language stating that following them was mandatory and a condition of doing business with those companies. A supplier code of conduct is a written document that sets a company’s standards. Proper supply chain oversight goes beyond the written code with the ability of the company to monitor, audit and inspect supplier facilities, including making unannounced site visits, conducting unsupervised interviews with employee groups and gaining access to documents concerning working conditions and compliance with their code. Only slightly more than half of the codes mentioned the right of the company to audit or monitor supplier compliance. Most codes (92 percent) had some mention about the repercussions of not following; however only 30 percent noted the specific consequences (termination of contract etc.), with 31 percent including only ambiguous language about corrective actions and another 31 percent vaguely inferring that there may be consequences for not following. Including a section in a supplier code about the company’s right to conduct audits and inspections informs readers that that code is a serious document with real implications. If the code is not followed, the company should have the right to require improvements or other corrective actions, or, in severe cases, to terminate business relationships. To exercise effective audit rights, a company needs to have access to relevant documentation. Therefore, it must ensure that its suppliers retain such documentation. Forty-two percent of codes mentioned that suppliers needed to maintain relevant documentation to prove that they were complying with the code. A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  21. 21. Page 22 Vendors often have to certify that they are in compliance with a supplier code of conduct. When this certification is agreed to, the company can demonstrate that its suppliers have formally declared they are complying with the code. This can put part of the onus back on the supplier if they are found to be in violation of the code. Only six percent of codes noted that suppliers were required to self-monitor compliance with the code, while nearly a third of supplier codes stated that they expected suppliers to self-monitor. Promoting responsible business practices upstream is another best practice that is quickly becoming a common practice. Many companies encourage, expect or require their suppliers to work with the next-tier suppliers to adopt similar standards. Forty two percent of codes noted the need for next-tier suppliers (suppliers’ suppliers) to comply with the code. 8.8 Innovation and CSR As supplier codes are still somewhat in the adolescent stage, credit should be given to those companies that demonstrate thought leadership with innovative supplier codes. These companies (which are those listed in the “Top ten codes” on page 8) are raising the standard for what should be expected from supplier codes. CSR is a key reason that supplier codes are important. Companies should include additional language in their supplier codes of conduct which is aimed at broader stakeholder audiences as well as suppliers. Many of the codes examined appeared to have been written without much consideration for the wider audience of the code. Best-practice supplier codes should mention key elements of the CSR programme, such as sustainable activities, environmental preservation, human rights and respecting local communities. A few codes mentioned CSR only briefly, but still effectively. Kimberly-Clark’s code had an excellent section discussing environmental commitments and social sustainability, which related the code back to the larger CSR global effort. Apart from supplier standards, codes often contain language about the company’s larger commitments to the environment, communities and corporate values. It is this blending of CSR and supplier expectations which demonstrates that the supplier code should be written with a broad audience in mind. Of the 150 codes examined, over 63 percent had some mention of CSR initiatives. The supplier code is certainly a vital component in a CSR strategy. As codes are beginning to come under more scrutiny from outside sources, it was surprising to see that only ten percent had referenced sustainability and accountability. The Red Flag Group
  22. 22. Page 23 9. Importance of supplier codes To understand the importance of supplier codes of conduct, imagine the possibility of supply-chain oversight without a code of conduct. Supplier codes set the standards and expectations against which the suppliers can be measured and held accountable. Suppliers should be made to certify that they and their employees will follow the principles set forth in the code and will communicate them throughout their organisations. This gives the customer something to rely on if there is a serious breach by a supplier. Without a supplier code the company could be accused of not doing enough to prevent, turning a blind eye to or even condoning unsafe or substandard working conditions, bribery and corruption, human rights violations or environmental pollution. The absence of a supplier code could mean that employees of the supplying company could have no way to raise concerns or report unethical or illegal behaviours. There is also an intrinsic good in promoting integrity and responsible practices, human rights and environmental sustainability. Whether a company creates their own set of standards for suppliers or adopts an existing industry supplier code, these standards play an important role in improving the working conditions and wellbeing of supplier employees. Of the 150 codes that were examined, nearly 90 percent had some remark on human rights, including child or forced labour and working conditions. Some companies were very detailed in their explanation of the type of working environment employees could expect, while other codes were brief and only stated that human rights should not be violated. In any case, the topic of human rights ought to be in every supplier code and thought of as one of the most important topics to be addressed. The supplier’s working conditions and the buying company’s role are often scrutinised when there is a tragic event. No company can risk the reputational damage that would almost certainly result from accusations of condoning or not doing enough to prevent sweatshops or other substandard workplace conditions. A deadly and horrific tragedy occurred in Bangladesh in May 2013, when the Rana Plaza, an eight-story garment factory, collapsed. The death toll was 1129 and over 2500 others were injured. Major global retailers were purchasing garments made at the building and there was an outcry from the public and government officials that put a lot of pressure on both retailers and the garment manufacturing industry. Many companies have reacted to events such as this by improving the due diligence, monitoring and auditing of their prospective and existing suppliers by creating clear written standards and greater transparency. Conclusion The importance of supplier codes of conduct is growing. A supplier code that is well-made and thoughtfully written is beneficial to the company, the supplier, consumers and communities. As many companies have requisite standards for the goods and services received from suppliers the same high standards should be in place for ethical behaviours of the employees of supplying companies. The increased availability of supplier codes can further the cause of integrity and human rights and reduce the risk exposure for buying companies. The best practices for supplier codes are evolving. Companies that have never had supplier codes are drafting them for the first time. Likewise, companies that have not examined their supplier code in a decade or more are beginning to make changes to bring them in line with current laws and best practices. The trend is for companies to improve their supplier codes in three distinct areas: user-friendliness, making the rules clear and concise, and better implementing the code at the supplier company. A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  23. 23. Page 24 Supplier codes should continue to become more user-friendly in terms of ease of understanding as well as the presentation of the document. The information contained in the code should not be burdensome to understand for readers; it should be simply stated. Many of the top codes today achieve this by having the final readers in mind when they are created. Real-world examples in codes via question-and-answer sections are essential to take them from a set of rules on paper into real-world actions. Presenting the information in a document that contains pictures, colours and company branding can also increase the likelihood that the code will be read and remembered. Another key area for future supplier code improvement is covering topics in a concise and comprehensive manner. The chief goal of the supplier code is to communicate the expectations for ethical behaviors and this should be done by covering all the essential risk topics, including topics that are relevant to the company’s specific industry. Far too many codes today leave out necessary information on serious topics. The final area in which supplier codes must continue to evolve is the area of implementation. Some of the improvements for this section are simple fixes, such as listing a phone number, website or postal address for readers to make reports or ask questions. Other areas require a more holistic approach where companies must commit to enforce the code, audit suppliers and administer consequences to suppliers that are not in compliance with the code. Every code should also mention that persons who make good-faith reports will be protected from retaliation. So while some codes are in line with best practice, most are not. Today, the typical supplier code is four-pages long, contains no pictures, no colour, does not cover most of the important risk topics, is difficult to understand and is too soft with no “teeth”. However, supplier codes should see noticeable improvement in the coming years as consumers, investors, regulators, the media and the business community are starting to increase their focus on ethical sourcing, supplier transparency and oversight. Best practices will continue to evolve and companies must regularly advance their codes in accordance with these trends to make sure they are in line with legal standards. The Red Flag Group
  24. 24. Page 25 Appendix Company codes used in this study 3M – Industrial manufacturing ABB – Electronics, technology and telecommunications Adobe – Electronics, technology and telecommunications Air Berlin – Transportation Alabama Aerospace – Aerospace and defence Alcoa – Energy and extractive Amazon – Retail American Eagle – Retail Anglo American – Energy and extractive Apple – Electronics, technology and telecommunications Aramark – Leisure and hospitality ArcelorMittal – Energy and extractive Atlas Copco – Industrial manufacturing Balfour Beatty – Engineering and construction Barnes & Noble – Retail BASF – Chemicals Baxter – Healthcare products and services Bayer – Chemicals Becton, Dickinson and Company – Healthcare products and services BJ’s Wholesale Club – Retail Bombardier – Aerospace and defence BorgWarner – Automotive Boston Market – Leisure and hospitality Burlington Northern Santa Fe – Transportation CA Technologies – Electronics, technology and telecommunications Carquest Auto Parts – Automotive Cemex – Engineering and construction CH2M Hill – Engineering and construction Chevron – Energy and extractive The Clorox Company – Consumer products Colgate-Palmolive – Consumer products Continental AG – Automotive The Co-operative Group – Retail Corning – Electronics, technology and telecommunications Costco – Retail Covidien – Healthcare products and services A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  25. 25. Page 26 Cracker Barrel – Leisure and hospitality Crane Aerospace & Electronics – Aerospace and defence Cummins – Automotive Daimler AG – Automotive Danaher – Industrial manufacturing Deere & Company – Industrial manufacturing Delphi – Automotive Deutsche Bahn AG – Transportation DHL – Transportation Disney – Leisure and hospitality Dow Chemical – Chemicals Dr Reddy’s Laboratories – Healthcare products and services EADS – Aerospace and defence Eastman Chemical Company – Chemicals Eaton – Industrial Manufacturing ExOfficio – Consumer products Family Dollar – Retail Fiat Industrial – Automotive Fluor – Engineering and construction FMC Corporation – Chemicals Foot Locker – Retail Fraport AG – Engineering and construction Gap – Consumer products General Electric – Industrial manufacturing General Mills – Consumer products GKN Aerospace, St. Louis – Aerospace and defence H&M – Consumer products Herman Miller – Consumer products Hitachi – Electronics, technology and telecommunications HOCHTIEF – Engineering and construction Horizon Blue Cross Blue Shield of New Jersey – Healthcare products and services Hewlett-Packard – Electronics, technology and telecommunications Hyatt – Leisure & hospitality IBM – Electronics, technology and telecommunications Ingersoll Rand – Industrial Manufacturing Intel – Electronics, technology and telecommunications International Paper – Forestry, paper and packaging Invensys – Industrial manufacturing Irish Rail – Transportation JDS Uniphase Corporation – Electronics, technology and telecommunications The Red Flag Group
  26. 26. Page 27 KCOM Group – Electronics, technology and telecommunications Kellogg Company – Consumer products Kimberly-Clark – Forestry, paper and packaging Kone – Engineering and construction Lowe’s – Retail Macy’s – Retail Maersk – Transportation Marks & Spencer – Retail Marriott – Leisure and hospitality McDonald’s – Leisure and hospitality Merck – Healthcare Products and Services Metsä Group – Forestry, paper and packaging Microsoft – Electronics, technology and telecommunications Momentive – Chemicals Mondi – Forestry, paper and packaging MTR Corporation – Transportation NACCO Industries – Industrial manufacturing Neenah Paper – Forestry, paper and packaging Nestlé – Consumer products Nike – Consumer products Nokia – Electronics, technology and telecommunications Nucor – Energy and extractive Office Depot – Retail OfficeMax – Retail Ohaus – Electronics, technology and telecommunications Oracle – Electronics, technology and telecommunications Oshkosh Corporation – Transportation Pacific Gas and Electric Company – Energy and extractive PepsiCo – Consumer products Qantas – Transportation Quiznos – Leisure and hospitality Renault–Nissan Alliance – Automotive Resolute Forest Products – Forestry, paper and packaging Ricoh – Consumer products Rio Tinto – Energy and extractive Roche – Healthcare products and services Rockwell Collins – Aerospace and defence Rolls-Royce Holdings – Aerospace and defence Royal Dutch Shell – Energy and extractive Sadara – Chemicals A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  27. 27. Page 28 Safeway – Retail Sanofi – Healthcare products and services SCA – Forestry, paper and packaging Sealy – Consumer products Sears – Retail Shangri-La Hotels and Resorts – Leisure and hospitality Shiseido – Consumer products Siemens – Industrial manufacturing SigmaQ – Forestry, paper and packaging Singapore Airlines – Transportation SMA Railway – Transportation Sony – Electronics, technology and telecommunications Sprint – Electronics, technology and telecommunications Starbucks – Leisure and hospitality Stora Enso – Forestry, paper and packaging Stratas Foods – Consumer products Subway – Leisure and hospitality SunOpta – Consumer products Target – Retail Tata Steel – Energy and extractive Teledyne – Aerospace and defence Tim Hortons – Leisure and hospitality Toshiba – Electronics, technology and telecommunications Trinity Health – Healthcare products and services Tyson Foods – Consumer products Unilever – Consumer products Union Pacific – Transportation UPM – Forestry, paper and packaging VSE Corporation – Aerospace and defence Walmart – Retail Weyerhaeuser – Forestry, paper and packaging Wilsons Leather – Consumer products Yum! Brands – Leisure and hospitality Zale Corporation – Retail The above referenced companies may request a complimentary scorecard for their supplier code of conduct by sending an email to suppliercode@redflaggroup.com. The Red Flag Group
  28. 28. Page 29 About The Red Flag Group The Red Flag Group is The Compliance Firm™ that helps companies turn compliance into a competitive advantage. We create customised and integrated compliance solutions that add value to your business. For more information go to www.redflaggroup.com. About the author Robert Leffel, Director of Advisory at The Red Flag Group, is an expert in corporate compliance. He has extensive experience consulting hundreds of corporations across all major industry sectors on building effective, “best practice” compliance and ethics programmes. A benchmarking study of 150 supplier codes and an examination of the current supplier code landscape
  29. 29. Page 30 The Red Flag Group The Red Flag Group is a truly global company with offices and research centres in the United States, Europe, Asia, Africa and Latin America. For more information visit www.redflaggroup.com.